[Security Solution] [Attacks/Alerts] Flyout: Move attack transform functions

[agusruidiazgd]

Summary

This PR moves attack discovery transform utilities from the Security Solution / Elastic Assistant plugin into the shared package @kbn/elastic-assistant-common, so they can be reused across plugins (e.g. Security Solution, Elastic Assistant, Cases) and to keep API↔internal conversion logic in one place.

Changes:

• Moved to kbn-elastic-assistant-common:
  • Alert transforms: transformAttackDiscoveryAlertFromApi, transformAttackDiscoveryAlertToApi
  • Schedule transforms: transformAttackDiscoveryScheduleFromApi, transformAttackDiscoveryScheduleToApi, plus create/update props variants (*ToApi / *FromApi) and schedule actions props transforms
  • Attack discovery helpers: getOriginalAlertIds, getTacticLabel, getTacticMetadata, replaceNewlineLiterals, transformInternalReplacements (from attack discovery helpers)
• Updated consumers in elastic_assistant and security_solution (and any other plugins that used these) to import from @kbn/elastic-assistant-common instead of local paths.
• Config/imports adjusted so the common package builds and type-checks correctly and all references are consistent.

No new UI or user-facing behavior; this is a refactor to centralize attack discovery transform and helper logic.

[elasticmachine]

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-threat-hunting-investigations (Team:Threat Hunting:Investigations)

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 0988b96
• Cloud Deployment

Failed CI Steps

• Jest Tests #7

Test Failures

• [job] [logs] Jest Tests #7 / discover responsive sidebar should render buttons in data view picker correctly

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
agentBuilder	1709	1726	+17
apm	2262	2067	-195
automaticImport	1088	1105	+17
cases	1550	1554	+4
datasetQuality	1231	1120	-111
discover	2100	1972	-128
elasticAssistant	636	653	+17
embeddableAlertsTable	651	456	-195
fleet	1659	1464	-195
infra	2010	1815	-195
maintenanceWindows	368	173	-195
ml	4293	4098	-195
monitoring	808	613	-195
observability	1903	1708	-195
observabilityAIAssistantApp	979	784	-195
observabilityShared	378	183	-195
securitySolution	9128	9132	+4
slo	1464	1269	-195
stackAlerts	421	226	-195
synthetics	1451	1256	-195
timelines	345	150	-195
transform	866	671	-195
triggersActionsUi	1325	1329	+4
uptime	953	758	-195
workflowsManagement	1332	1204	-128
workplaceAIApp	1026	1043	+17
total			-3407

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
@kbn/elastic-assistant-common	705	740	+35
@kbn/rule-data-utils	214	215	+1
total			+36

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
cases	1.7MB	1.7MB	+3.0B
securitySolution	11.3MB	11.3MB	-1.0B
triggersActionsUi	1.9MB	1.9MB	+8.0B
total			+10.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
cases	271.5KB	271.4KB	-73.0B
triggersActionsUi	109.2KB	109.1KB	-72.0B
total			-145.0B

Unknown metric groups

API count

id	before	after	diff
@kbn/elastic-assistant-common	831	867	+36
@kbn/rule-data-utils	227	228	+1
total			+37

History

• 💔 Build #404399 failed 3b7e9ea
• 💔 Build #404178 failed ac5c4e5
• 💔 Build #403618 failed 7332069
• 💔 Build #403603 failed 73f6cdf

cc @agusruidiazgd

[e40pud]

Thanks for restructuring this! 🚀

[nikitaindik]

Thanks for the refactor! I read through the changes in "Detections and Response" owned files. It all looks good to me.

[nkhristinin]

DE changes code review LGTM